Management of Information

Table of Contents

Management of Information

POLICIES

Information Management Plan 8.1

Patient Confidentiality 8.2

Release of Information 8.3

Utilization Review/Record Review 8.4

Patient Record Content 8.5

Record Retention and Security 8.6

Consent for Treatment and Services 8.7

Reporting of OASIS Information 8.8

FORMS/ATTACHMENTS

Computer Key/Password Statement 8.1A

Consent/Release of Information 8.3A

Utilization Review/Record Review 8.4A

Professional Pediatric Home Care December 2012

Contents – Chapter 8

ACHC Standard HH5-1B

Information Management Plan

______

Policy

The Agency shall implement a policy and procedure for an effective information management system either paper-based or electronic. Processes shall include effective management for capturing, reporting, processing, storing and retrieving service data and information in accordance with standards of practice.

______

Purpose

To define information management processes.

______

Reference

Health Facilities and Emergency Medical Services Division, 6 CCR 1011-1, Standards for Hospitals and Health Facilities, Chapter 26 – Home Care Agencies

______

Related Documents

“Computer Key/Password Statement” Form

______

Procedure

1.  The Agency shall implement a policy and procedure for an effective information management system either paper-based or electronic. Processes shall include effective management for capturing, reporting, processing, storing and retrieving service data and information in accordance with standards of practice.

·  Privacy and confidentiality of protected health information from unauthorized use or manipulation. Protection of data is within the current software programming and accepted security practice.

·  Organization of the patient record utilizing standardized formats for documenting all care, treatment and services provided to patients according to agency policy. Standardization shall not include pre-filled documentation of future care and services. The plan of care is formulated at the start of care and all start of care documentation is retained in the patients chart within the agency and the software system. The plan of care is updated at least annually.

2.  Agency electronic data for healthcare records practices shall ensure:

·  Validation of data entry access is accomplished with secured passwords and previously entered data is protected with manual backup of the computer software system.

·  Recovery of records including contingency plans for operational interruptions, emergency service plan included in the HIPAA manual and retrieval of information of data from storage is available with the backup system. All patient information and personnel information is strictly confidential.

·  Back up media will be stored in a secure, fire-proof storage unit located on site and will be used in the event that data retrieval becomes necessary.

3.  At time of employment, each individual who is authenticating medical record entries by computer will sign a statement that no one else will be allowed to use his/her computer key/password. This statement will be filed in the Agency’s administrative offices. The individual employee is responsible for maintaining the security of his/her computer key/password.

Professional Pediatric Home Care December 2012

8.1

ACHC Standard HH5-1B

COMPUTER KEY/PASSWORD STATEMENT

I understand the need and responsibility to maintain a high level of security with computer access. I will not allow anyone to use my computer key/password and accept full responsibility for the security of my computer key/password.

______

Signature Date

Professional Pediatric Home Care December 2012

8.1A

ACHC Standard HH2-5A

Patient Confidentiality

______

Policy

The patient shall have the right to confidentiality of all records, communications, and personal information. The Agency shall advise the patient of the agency’s policies and procedures regarding disclosure of clinical information and records.

______

Purpose

Every patient has the right to know that any information related to the care provided by the Agency will be kept confidential. Every employee will be aware of the need for patient confidentiality and to respect it.

______

Definitions

Privacy: An individual’s right to limit disclosure of personal information.

Confidentiality: The safekeeping of data/information so as to restrict access to individuals who have need, reason, and permission for such access.

Protected Health Information (PHI): Health information that contains information such that an individual person can be identified as the subject of that information.

Electronic Protected Health Information (EPHI): Health information created/stored electronically that contains information such that an individual person can be identified as the subject of that information.

______

Reference

Health Facilities and Emergency Medical Services Division, 6 CCR 1011-1, Standards for Hospitals and Health Facilities, Chapter 26 – Home Care Agencies

______

Procedure

1.  The Agency and agent acting on behalf of the Agency in accordance with a written contract must ensure the confidentiality of all patient information contained in the clinical record including OASIS data, and may not release patient identifiable information to the public.

2.  The Agency will comply with applicable HIPAA rules and regulations.

3.  Agency administrator will determine which employees have access to confidential information and ensure that the confidentiality and privacy practices and procedures are adopted and followed.

4.  Staff will treat any information obtained from patients, caregivers, physicians and other sources in a confidential manner.

5.  Types of information that are considered confidential include, but are not limited to, electronic, computerized information, telephone and cell phone communication, verbal and faxed information.

6.  Discussions of information regarding patients will be limited to information essential to the provision of care and services to the patient.

7.  All requests for specific patient information, other than that related to provision of services, are directed to the Administrator, who will determine whether and to whom information will be released.

8.  When patients are mentioned in memos, minutes, QM reports, phone calls etc., they will be referred to by patient ID numbers or initials.

9.  If a patient's information is to be published, the patient will be identified by initials or a pseudonym unless he/she specified otherwise.

10.  Discussion of patient information in a public place is discouraged. If a public phone or patient's home phone must be used, care is taken to assure privacy. Never discuss the care of one patient with another.

11.  All written patient information is stored in the patient's medical record. Charts are not removed from the office unless specific reason has been identified and approved.

12.  Computer files, including OASIS data encoding and transmission files, are password protected against unauthorized use, alteration, or damage.

13.  Home care records will not be left in unattended areas in the office, e.g., the reception area. All home care records will be kept stored in metal file cabinets to minimize the possibility of damage from fire and water. Records will be protected against unauthorized corruption, damage and/or intrusion.

14.  Personnel records will not be left in unattended areas in the office, e.g., the reception area. All personnel records will be kept stored in metal file cabinets to minimize the possibility of damage from fire and water. Records will be protected against unauthorized corruption, damage and/or intrusion.

15.  Persons who are not employees of the Agency may have access to office after normal business hours, e.g., cleaning service. However, all home care records will be maintained in metal locked file cabinets or locked file room after normal business hours to decrease the likelihood of accessibility by such persons.

16.  Patients may access their record in accordance with HIPAA policies.

17.  The Agency shall advise the patient of the agency’s policies and procedures regarding disclosure of clinical information and records.

18.  All staff will be oriented regarding the Agency Patient Confidentiality policy and procedure.

19. Healthcare providers may not interact with clients or family members (i.e. siblings) on social media sites( i.e. Facebook, YouTube), even if the family expressly invites providers to participate. Such activities breach professional boundary standards, as well as jeopardize client confidentiality. Failure to adhere to these confidentiality policies will result in progressive disciplinary actions, including termination of contract or employment.

20. All agency employees, Governing Body and PAC members must sign a confidentiality agreement.

Professional Pediatric Home Care December 2012

8.2

ACHC Standard HH2-5A

Release of Information

______

Policy

The Agency will notify the patient/family about the release of information at the time of patient admission.

______

Purpose

To guarantee that patient understands and consents to release of information before services are provided.

______

Related Documents

“Consent/Release of Information” form

______

Procedure

1. Upon admission the patient’s or patient’s authorized representative’s original, legal signature is obtained for the release of information to authorized representatives of relevant healthcare providers/agencies, reimbursement organizations, federal and state regulatory and licensing organizations, and accrediting organizations. All signatures must be legible.

2. Home care records may be removed from the organization’s jurisdiction and safekeeping only in accordance with a court order, subpoena or law or regulation.

3. The patient’s or patient’s legally authorized representative’s original signature is obtained to determine the legality of the patient accepting financial responsibility for the payment if other sources do not pay for care. All signatures must be legible.

4. Copies of medical reports are obtained as needed to determine patient’s medical history and medical findings.

5.  When information is requested, a detailed description is needed to determine what information is released.

6.  Release of information may include request by patient, request by a health care provider for treatment activities, request by a covered entity or health care provider for payment activities, law enforcement requests or subpoena. Conditions that warrant release may be determined by agency administrator.

7.  Information may be released to persons that are authorized in writing by the patient or agency employees for use within the office.

Professional Pediatric Home Care December 2012

8.3

CONSENT/RELEASE OF INFORMATION

I request that payment of authorized Medicare, Medicaid or other private insurance benefits be made to Agency for any services furnished to me by ______(Agency).

I authorize any holder of medical information about me to release to the Centers for Medicare and Medicaid Services and its agencies, or any other payor, any information needed to determine these benefits or the benefits payable for related services.

I give my permission for my records to be reviewed by relevant healthcare providers/agencies, reimbursement organizations, federal and state regulatory and licensing organizations, and accrediting organizations.

I understand that I will be responsible for the following payment:

I understand and agree to pay in full if my insurance denies payment. I consent to receive services from: Professional Pediatric Home Care, Inc. 2 Inverness Drive East, Suite 101, Englewood, CO 80112 303.759.1342

Patient Signature/Responsible Party Date

______

Relationship if not patient

Witness Date

Professional Pediatric Home Care December 2012

8.3A

Utilization Review/Record Review

______

Policy

Qualified individuals of the Agency will review a representative sample of patient records quarterly.

______

Purpose

To assure that the documentation is complete, accurate and timely and services provided are appropriate.

______

Reference

Health Facilities and Emergency Medical Services Division, 6 CCR 1011-1, Standards for Hospitals and Health Facilities, Chapter 26 – Home Care Agencies

______

Related Documents

“Utilization Review/Record Review” form

______

Procedure

1.  At least quarterly, a random sampling of five (5) patient charts will be reviewed.

2.  Using the Utilization Review/Record Review form, the patient record documentation will be reviewed. The results of the review will be combined into a summary report. The results will be analyzed through the quality management plan and results will be shared with staff as needed.

3.  Record review indicators for data and information contained within the record include:

·  Plan of care.

·  Following established Agency policy.

·  Legibility of documentation.

·  Accuracy and completeness.

·  Services rendered.

Professional Pediatric Home Care December 2012

8.4

UTILIZATION REVIEW/RECORD REVIEW

Patient ID#/Initials

Reviewer Name Review Date

Requirement / Yes / No
Plan of care present
Plan of care appropriate to patient’s condition / needs
Plan of care followed
Personal care workers follow established Agency policy
Visit notes legible, including personal care worker signature
Visit notes accurate and complete
Patient’s needs met with the assistance of the personal care worker
Services appropriate for patient’s condition, including frequency and duration of visits

Comments:

Professional Pediatric Home Care December 2012

8.4A

ACHC Standard HH5-1A, HH5-1A.01

Patient Record Content

______

Policy

The Agency will provide a complete and accurate record for each patient assessed, cared for, treated or served.

______

Purpose

To ensure complete and accurate documentation of patient status and home care services.

______

Reference

Health Facilities and Emergency Medical Services Division, 6 CCR 1011-1, Standards for Hospitals and Health Facilities, Chapter 26 – Home Care Agencies

______

Procedure

1.  A separate, complete and accurate record must be maintained for each patient requiring ongoing care.

2.  The original patient record must be maintained on the premises where the care is provided.

3.  The record shall contain sufficient information to identify the patient; support the diagnosis or condition; justify the care, treatment and/or services delivered, and promote continuity of care internally and externally, where applicable.

4.  Each record shall contain patient specific information, as appropriate to the care, including but not limited to:

·  Identification data.

·  Names of next of kin/legal guardian/emergency contact with phone numbers.

·  Name of primary caregiver(s) with phone numbers.

·  Source of referral.

·  Admission and discharge dates from hospital or other institution (if applicable).

·  Hospital records for known episodes when available.

·  Advance directives.

·  Names of power of attorney and/or healthcare power of attorney.

·  Name of physician responsible for care.

·  Diagnosis.

·  Physician orders, including medications and dietary, treatment and activity orders.

·  Signed release of information and other documents for protected health information.

·  Admission and informed consent documents (including signed notice of Bill of Rights and election of Hospice services (if applicable).

·  Assessment of the home.

·  Medical equipment provided by the Agency or related to the care, treatment and services provided including assessment of patient and family comprehension of appropriate use and maintenance.